System And Method For Authorizing A Remote Device

ABSTRACT

A system and method for authorizing a remote device amongst multiple remote devices for passive functions, such as passive entry and passive start, includes a vehicle having a plurality of strategically located antennas, combinations of which transmit a query signal and receive query responses, a challenge antenna amongst the plurality of antennas for transmitting a challenge signal to at least one of the multiple remote devices in accordance with a challenge order, and a control unit having a controller in communication with the antennas for determining the challenge order based upon the query responses. The controller can determine whether a remote device is located in an authorization zone, out of an authorization zone, or whether the remote device&#39;s location is indeterminate.

TECHNICAL FIELD

The following relates to a system and method for authorizing a remotedevice for passive vehicle functions such as passive entry and passiveengine starting.

A detailed description and accompanying drawings are set forth below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 depicts a simplified, exemplary environmental diagram inaccordance with one or more embodiments of the present application;

FIG. 2 a depicts a simplified, exemplary signal diagram in accordancewith one or more embodiments of the present application;

FIG. 2 b depicts an alternate simplified, exemplary signal diagram inaccordance with one or more embodiments of the present application;

FIGS. 3 a-b illustrate a simplified, exemplary process flowchartdepicting a method in accordance with one or more embodiments of thepresent application; and

FIGS. 4 a-b illustrate a simplified, exemplary process flowchartdepicting another method in accordance with one or more embodiments ofthe present application.

DETAILED DESCRIPTION

With reference to FIGS. 1-4, a more detailed description of embodimentsof the system and method and various components thereof will now beprovided. It is well known in the automotive industry to providewireless communication systems in vehicles for a variety ofapplications. These include, but are not limited to, remote keylessentry (RKE), tire pressure monitoring, remote control of garage dooropening systems, vehicle immobilization, voice activated controls, andothers.

Typical RKE systems provide for remote control by a vehicle owner oruser of vehicle security systems, door locks, trunk latch, exteriorand/or interior lights, horn and/or alarms. Other vehicle systems oroperations that may be remotely controlled by a vehicle user or ownerwith RKE systems include sliding-door or lift-gate control, remoteengine start, vehicle interior climate control, and others.

In that regard, systems for remote vehicle access and other remoteoperations include a remote control device or unit, which is commonlyreferred to as a “fob” or “key fob.” The remote control unit has atransmitter, and wireless radio frequency (“RF”) signals are transmittedby the transmitter of the remote control unit that include commands forperforming vehicle operations or functions such as unlocking the vehicledoors or starting the vehicle engine. Currently available fobs arehand-held, portable devices, and may be separate units or may be part ofan ignition key head.

Such systems also typically include a receiver and/or device controlunit installed in the vehicle. RF command signals transmitted by theremote control unit are received by the vehicle-mounted receiver and/ordevice control unit, and may be relayed to appropriate controlcircuitry, systems or subsystems in the vehicle in order to effectuatethe desired operation or function. For example, the receiver and/ordevice control unit may be provided in direct or indirect (e.g., over avehicle bus) communication with door locking mechanisms to lock andunlock the vehicle doors in response to lock or unlock signals receivedfrom the remote control unit. Similarly, the receiver and/or devicecontrol unit may be provided in communication with other vehicle devicesto control operation thereof in response to other signals received fromthe remote control unit.

Remote communication systems may be active or passive in nature. Activesystems require a vehicle owner or user to manually transmit a commandsignal, such as by actuating one or more push-buttons provided on theremote control unit. In passive systems, signals are automaticallytransmitted so that, for example, a vehicle door may be unlocked as thevehicle owner or user approaches the vehicle and/or touches the doorhandle to open the door, without the need for any additional action bythe vehicle owner or user.

In that regard, in a passive keyless entry system, a remote unit, whichmay be referred to as a “fob” or a “card,” is typically provided with atransceiver for communicating with a transceiver and/or device controlunit installed in the vehicle. In such systems, the remote unit carriedby an operator may be used, for example, to automatically unlock thevehicle as the operator approaches the vehicle, without the need foroperation of any switch or pushbutton by the operator. Similarly, thesystem may further be designed to automatically lock the vehicle as theoperator, carrying the remote unit, moves away from the vehicle. Avehicle-mounted transceiver and/or device control unit is again providedin direct or indirect communication with control circuitry, systems orsubsystems to effectuate a particular operation in response to signalsreceived from the remote unit, such as door locking mechanisms to lockand unlock the vehicle doors. In a passive engine starting system, thevehicle ignition may be unlocked without the use of an ignition key.Rather, the operator may request engine start with the simple push of anignition button. The operator's credentials are verified with theautomatic exchange of signals between the remote device carried by theoperator and the device control unit.

RKE systems are referred to as “one-way” systems where communication ortransmission of signals only takes place from the portable remotecontrol unit having a transmitter to the vehicle-mounted device having areceiver. However, as is again well known by those of ordinary skill,such systems may also be “two-way” in nature. In “two-way” systems, theportable remote control unit carried by the vehicle user or ownerincludes a transceiver, and the vehicle-mounted device also includes atransceiver. As both the remote control unit and the vehicle-mounteddevice are capable of transmitting and receiving wireless signals,two-way communication between those devices is enabled.

In “two-way” systems, communication from the vehicle-mounted device orunit to the portable remote control device or unit may be for any of anumber of purposes, such as for prompting a passive remote controldevice to transmit a signal, acknowledging the receipt of a commandsignal from a remote unit, or others. In that regard, the remote controldevice or unit may be provided with a display, such as a liquid crystalor light emitting diode display, so that the vehicle owner or user canconfirm that a command signal has been received by the vehicle-mounteddevice or unit and that the command has been effectuated (e.g., thevehicle doors have been locked/unlocked; the vehicle engine has beenstarted).

A two-way passive entry system requires that an authorized remote unitor fob be placed on or near a person who is attempting to gain entryinto a locked vehicle. The locked vehicle contains a fixed control unitincluding a primary controller for the passive entry system. The passiveentry system must be mated with the remote units for the exchanging ofprivate security keys and other information. Multiple remote units canbe mated to the system in the case of multiple users. In the case wheremultiple remote units are present, system latency is of the utmostimportance, particularly when their locations may not initially beknown.

Referring now to the drawings, a system and method for authorizing aremote device, amongst multiple remote devices, as quickly as possibleis disclosed.

FIG. 1 is a simplified, exemplary environmental diagram of a passiveactivation system 10 for a vehicle 12 according to one or moreembodiments of the present application. The term passive activationsystem as used herein may at least refer to a passive entry system, apassive engine starting system, or both. The system 10 may include oneor more remote transceivers 14 capable of two-way wireless communicationwith a vehicle transceiver or control unit 16 installed in the vehicle12. Each remote transceiver 14 may be a separate fob or card, part of avehicle ignition keyhead, or any other suitable configuration known inthe art. The remote transceivers 14 may be operable with both active andpassive vehicle systems. To this end, an operator (not shown) may usethe remote transceiver 14 from a distance to actively transmit a commandsignal 18 that includes a command message in order to remotely perform adesired vehicle operation or function represented by the commandmessage, such as locking or unlocking vehicle doors, activating ordeactivating a vehicle security system, activating or deactivatingvehicle interior and/or exterior lights, starting the vehicle engine,and/or others. Such a transmission by the remote transceiver 14 may bein response to user input, which may be provided to the remotetransceiver in any fashion known in the art, such as actuation of apush-button or by voice recognition.

In active systems, the command signal 18 may ultimately be received atthe vehicle-mounted control unit 16, which may be mounted at anysuitable location on the vehicle 12. The control unit 16 may include acontroller 20 operable to relay the command message of the commandsignal 18 to an appropriate vehicle function 22 in order to effectuatethe command, such as locking or unlocking vehicle doors, activating ordeactivating a vehicle security system, activating or deactivatingvehicle interior and/or exterior lights, starting the vehicle engine,and/or others. In that regard, the vehicle function 22 may be, forexample, a computer, microprocessor, control circuit, logical device,vehicle system, vehicle device, or vehicle subsystem, or the like. Relayof the command message by the control unit 16 may include translation ofthe command message of the command signal 18 by the controller 20 intoan output control signal 24. The control unit 16 may be provided indirect communication with the vehicle function 22, or may be provided incommunication with the vehicle function indirectly, such as over avehicle data or communications bus (not shown).

In passive systems, however, the command message may not be received ina command signal transmitted from a remote transceiver. Rather, thecommand message may be generated at the vehicle 12 by sensor systems(not shown) monitoring operator behavior, such as the approaching ortouching of an access handle 26 for a door or liftgate 28 or thedepressing of an ignition switch 30. When the passive activation system10 is activated during an attempt to gain entry, e.g., by physicallypulling an access handle, a successful authorization process must occurthat involves two-way wireless communication with a remote transceiverbefore the command message is relayed to the appropriate vehiclefunction for carrying out the command. As part of the authorizationprocess, the passive activation system 10 may expect a remotetransceiver 14 to be physically located in an authorization zone 32 inorder to gain entry into a specific access point, such as the door 28.When multiple remote transceivers 14 are present, the passive activationsystem 10 must identify and authorize a valid remote transceiver withminimal system latency.

As shown in FIG. 1, the passive activation system 10 may include aplurality of antennas 34 electrically coupled to the control unit 16.The plurality of antennas 34 may be strategically located throughout thevehicle 12 in order to define several authorization zones, though justone authorization zone 32 is depicted for exemplary purposes. Eachauthorization zone 32 may be defined using a different combination ofone or more antennas 34. The authorization zone 32 that is active maydepend upon an operator's action. For instance, if an operator isattempting to gain entry to the vehicle 12 by pulling on the accesshandle 26 for the driver door, then the authorization zone 32 mayencompass a region immediately adjacent the access handle 26 for thedriver door. A different authorization zone may become active if thesystem 10 determines that an attempt to gain entry is occurring at analternate location.

The authorization zone 32 may be created by defining its boundaries 36using inclusion and exclusion criteria based on signal amplitudes fromat least one of the multiple strategically located antennas 34. Forexample, an arbitrary, irregular shaped authorization zone may bedefined using three strategically located antennas so long as the zone'sspan is confined to the coverage area of the three antennas. Aspreviously mentioned, a different authorization zone may be specifiedusing a different combination of antennas. It should be noted that anauthorization zone is not necessarily irregular-shaped when threeantennas are employed. Rather, the use of three antennas just means thatspecification of an irregularly-shaped zone is possible. As anotherexample, an ecliptically-shaped authorization zone may be specifiedusing just two strategically located antennas. Of course, anauthorization zone may be specified using a single antenna or acombination of more than three antennas without departing from the scopeof the present application. For purposes of description only, referencesmade herein may be to authorization zones defined using a three-antennaconfiguration although other configurations are fully contemplated.

Referring generally to FIGS. 2 a-b and 3 a-b, the authorization processmay be conducted in two stages: a query phase 38 and a challenge phase40. Collectively, the query phase and the challenge phase make up atleast a portion of an authorization session. During the query phase 38,the passive activation system 10 may look for the presence of at leastone remote transceiver 14 in the authorization zone 32. If one or moreremote transceivers 14 are discovered in the authorization zone 32, thepassive activation system 10 may then attempt to validate the securitycredentials of at least one remote during the challenge phase 40. Assoon as one remote transceiver 14 is validated, the authorizationsession may end and the passive vehicle function may be executed, e.g.,automatic door lock/unlock, passive start, trunk, liftgate, liftgatewindow unlock. Similarly, the passive activation system 10 may look forthe presence of more than one remote transceiver 14 in the authorizationzone 32. If multiple remote transceivers 14 are discovered in theauthorization zone 32, the passive activation system 10 may then attemptto validate the security credentials of all remote transceivers duringthe challenge phase 40. As soon as all remote transceivers 14 arevalidated, the authorization session may end and any passive relatedfunctions may be executed for the purpose of search, location or othersimilarly related functions.

With specific reference to FIG. 2 a, a simplified, exemplary signaldiagram 42 according to one or more embodiments of the presentapplication is shown. The axis of abscissa may represent time in arelative manner; the specific timing of the signals may vary and, thus,the time scale is not necessarily fixed. An upper portion 44 of thesignal diagram 42 depicts signals transmitted from the vehicle-mountedantennas 34, while a lower portion 46 of the signal diagram depictssignals transmitted from the remote transceivers 14. The antennas 34 maytransmit short-range low frequency (LF) data signals to the remotetransceivers 14. On the other hand, the remote transceivers 14 maytransmit long-range data signals to the vehicle 12. For example, theremote transceivers 14 may transmit long-range ultra high frequency(UHF) signals to the vehicle.

During a first communication phase, the query phase 38, a remotetransceiver's location with respect to the authorization zone 32 may bedetermined by transmitting a query signal 48. The query signal 48 mayinclude, for example, a plurality of sequential signal bursts 50comprising a single signal burst transmitted from each of three queryantennas 34 (A, B, C) employed to query for the presence of remotetransceivers 14 in a particular authorization zone. All remotetransceivers 14 within range may receive the signal bursts 50 indiscrete time steps. Each signal burst 50 may include a data portion 52and a signal portion 54. The signal portion 54 may be a continuous wave(CW) signal transmitted at a predetermined frequency for a predeterminedperiod of time. The data portion 52 may include instructions for theremote transceiver 14 to sample the signal amplitude of the signalportion 54. The data portion 52 may further include instructions for theremote transceiver 14 to transmit a reply signal 56 in response to thequery signal 48 containing the sampled signal amplitudes from eachantenna burst 50. To this end, each remote transceiver 14 may include areceived signal strength indicator (RSSI) as is known in the art.

In response to the query signal 48, each remote transceiver 14 in rangemay transmit the reply signal 56, containing the RSSI data for eachantenna 34, back to the system 10. Each reply signal 56 may comprise asingle data burst transmitted within a discrete time frame per remotetransceiver 14 to prevent signal collisions. The positions of the remotetransceivers 14 can then be evaluated by the passive activation system10 using, for example, a known triangulation method that may compare thereceived signal amplitudes against previously programmed criteria. Thecriteria may be empirically predetermined to create the authorizationzone boundaries 36 having defined inclusion and exclusion areas based oncombinations of at most three absolute signal amplitude thresholdscorresponding to the three query antennas. It should be noted that atriangulation method may not be necessary for authorization zonesgenerated using fewer than three antennas because such zones have acertain characteristic shape and, based on signal amplitudes from theantenna(s), it can be determined whether a remote transceiver is withinthe boundaries of this characteristic shape.

When a remote transceiver is determined to be within the definedauthorization zone 32, it may then be confirmed with a secondcommunication phase, the challenge phase 40, using a challenge/responseprotocol to explicitly validate the security credentials. In the casewhere the presence of multiple remote transceivers 14 are detected, achallenge hierarchy may be employed in order to prioritize the remotetransceivers 14 and determine a challenge order. The hierarchy mayidentify the remote transceiver 14 that is the best candidate forchallenging, which can help to minimize system latency. According to oneor more embodiments of the present application, the challenge hierarchymay utilize a primary priority order and a secondary priority order. Theprimary priority order may involve classifying each remote transceiver14 based upon its evaluated position. For instance, based upon itsevaluated position, it can be determined whether a remote transceiver isin an excluded, included or indeterminate position with respect to thespecified authorization zone 32. The secondary priority order mayprioritize remote transceivers sharing the same classification, e.g.,included or indeterminate. According to one or more embodiments, theRSSI data received in the reply signal 56 from each remote transceiver14 may be used to determine the secondary priority order.

According to the challenge hierarchy, excluded remote transceivers maybe assigned the lowest priority and disregarded for challenge purposes.Excluded remote transceivers may never be considered for the challengephase because of their physical location. Included remote transceivers,on the other hand, may be remote transceivers positively determined tobe positioned within the authorization zone 32. Therefore, includedremote transceivers may receive the highest challenge priority. Whenmultiple included remote transceivers are present within theauthorization zone 32, a remote transceiver having a higher RSSI value(i.e., nearer position) may receive higher secondary priority than aremote transceiver with a lower RSSI value.

A challenge antenna 34 (D) may be selected for initiating the challengephase 40. The challenge antenna may or may not be one of the queryantennas selected for the query phase 38. Under certain circumstances,the challenge antenna responsible for communications during thechallenge phase 40 may be predetermined based upon, for instance,operator action. For example, when the passive activation system 10 isattempting to authorize a remote transceiver upon the physical touchingof an access handle, the antenna 34 nearest the relevant access handle26 may be specified as the challenge antenna. Other circumstances maydictate that the challenge antenna is not initially known. If thechallenge antenna has been explicitly specified for use in theauthorization zone 32, then the secondary priority order may be basedsolely upon the signal amplitude of the specified challenge antenna, butonly if RSSI data for that antenna was previously sampled during thequery phase. If a challenge antenna is not specified beforehand or thechallenge antenna that is specified is not one of the query antennasused during the query phase, then the secondary priority order may bebased upon the sum of all query antenna signal amplitudes sampled duringthe query phase. Alternately, the secondary priority for when thechallenge antenna is not predetermined may be based upon the single,strongest signal amplitude received out of all the query antennas. Thesecondary priority order may help insure that the remote transceivers 14with a higher challenge priority will have a better signal to noiseratio, which may provide the best chances for successful communicationduring the challenge phase 40.

Potentially, remote transceivers 14 may be physically within theauthorization zone 32, but not enough information could be gathered fromthe query antennas to make a positive determination. These remotetransceivers may be classified as indeterminate. A remote transceiverwith an indeterminate position may receive lower priority than a remotetransceiver evaluated to be in an included position. Indeterminateremote transceivers can be an exceptional case. Thus, indeterminateremote transceivers may require additional advanced processing todetermine their exact position. Similar to the included remotetransceivers described above, an indeterminate remote transceiver with ahigher RSSI value (i.e., nearer position) may likewise receive highersecondary priority than an indeterminate remote transceiver with a lowerRSSI value. Accordingly, the challenge hierarchy for determining thechallenge order may be represented as follows:

1) Included remote transceivers with higher RSSI;2) Included remote transceivers with lower RSSI;3) Indeterminate remote transceivers with higher RSSI;4) Indeterminate remote transceivers with lower RSSI; and5) Excluded remote transceivers.

After prioritization of multiple remote transceivers is complete, andthe challenge order determined, the remote transceiver 14 having thehighest priority may be challenged first, as it may be the bestcandidate for authorization amongst other remote transceivers. Thechallenge phase 40 may begin by determining whether the remotetransceiver 14 having the highest priority is classified as included. Ifthe remote transceiver 14 is included, the challenge antenna may bedetermined. As previously mentioned, the challenge antenna may bepredetermined based on the passive function presently occurring (e.g.,passive entry through physical touch of a specific door handle). Inother instances, the challenge antenna may not be determined until afterthe query phase 38 is complete, at which time a suitable challengeantenna may be selected. Again, it should be noted that the challengeantenna may not necessarily be one of the query antennas. In any event,once determined, the challenge antenna may transmit an encryptedchallenge signal 58 to the remote transceiver 14 having the highestchallenge priority. The encrypted challenge signal 58 may include anencrypted data portion 60 and one or more signal portions 62, 64. Theencrypted data portion 60 may carry a security challenge. The one ormore signal portions 62, 64 may be continuous wave (CW) signals,transmitted at a predetermined frequency for a predetermined period oftime, which may be used for RSSI measurement. The control unit 16 maythen await a response from the remote transceiver 14. If the challengedremote transceiver 14 receives the encrypted challenge signal 58 fromthe challenge antenna, the challenged remote transceiver may send anencrypted response signal 68 back to the control unit 16 confirming itssecurity credentials. The encrypted response signal 68 may be validatedif the encryption matches. If valid, the challenged remote transceiver14 may be authorized and the passive function may be carried out.

If, however, the challenge fails, the challenged remote transceiver 14may be considered as excluded for the remainder of the authorizationsession. In this instance, the remote transceiver having the nexthighest priority may be challenged next. The challenge process mayrepeat until a remote transceiver is successfully authorized or thereare no more included remote transceivers remaining to be challenged. Aspreviously mentioned, the prioritization process may yield improvedperformance latency for successful passive system operation. Althoughsystem latency may increase as more remote transceivers are challenged,performance may be optimized by keeping the increments of latency assmall as possible by always challenging a remote transceiver determinedto be the next best candidate according to the challenge hierarchy.

If all remote transceivers classified as included have been excluded dueto failure of the challenge phase 40, the system 10 may turn to theindeterminate remote transceivers for authorization. In this regard, theindeterminate remote transceivers may undergo further evaluation. Thisfurther evaluation may include querying at least one of theindeterminate remote transceivers again using one or moresub-authorization zones (“sub-zones”) 70, as shown in FIG. 1, specifiedby the passive activation system 10. Re-querying against additionalsub-zone criteria may help to resolve an indeterminate position. To thisend, sub-zone processing may involve one or more additional and/ordifferent antennas 34 to acquire more strategic location information forindeterminate remote transceivers. Like the initial query phase, asecond query signal comprising one or more additional signal bursts maybe transmitted from the sub-zone antenna configuration. Additional, andperhaps more conclusive, location information may be obtained in replysignals 56 transmitted from the remote transceivers 14 in response tothe second query signal. Although system latency may suffer ifadditional sub-zone processing is required to authorize a remotetransceiver, insuring fail-safe operation of the passive activationsystem 10 may now take precedence. Accordingly, the passive activationsystem 10 may make every available attempt to authorize a valid remotetransceiver 14. Degradation in latency may be acceptable in suchinstances in order to obtain a successful authorization.

During sub-zone processing, new signal amplitudes may be accumulated forall responding remote transceivers 14 and their RSSI data evaluated in asimilar fashion as the initial query phase. The remote transceivers 14may then be re-prioritized and a new challenge order for challenging theremote transceivers in the aforementioned manner. The authorizationprocess may repeat until either a valid remote transceiver has beenauthorized or all remote transceivers have been exhaustively anddefinitively excluded.

FIG. 2 b depicts an alternate, exemplary signal diagram 42′ according toone or more embodiments of the present application, wherein likeelements are given like reference numerals. The signal diagram 42′ inFIG. 2 b be may be representative of a signal sequence for a doorlock/unlock protocol. As seen therein, the signal burst 50 from thefirst query antenna 34 (A) may include both the data portion 52 and thesignal portion 54. However, the signal bursts 50 from the other queryantennas 34 (B, C) may only include the signal portion 54. During anattempt by an operator to gain entry at a vehicle door, the approachingor physical touching of the door's access handle 26 may trigger thepassive activation system 10 to perform passive entry. The authorizationzone 32 selected for use by the passive activation system 10 may befixed to encompass a region immediately adjacent the chosen door 28.Moreover, the challenge antenna may be predetermined to be the antennalocated nearest the corresponding access handle 26. Thus, the firstquery antenna 34 (A) may also be the challenge antenna. In thisinstance, it may not be necessary to include a data portion containinginstructions with the signal bursts 50 sequentially transmitted from theother query antennas 34 (B, C) because if a remote transceiver does notrespond to at least the first query antenna, then the passive activationsystem 10 may not want to authorize that remote transceiver. As aresult, system latency may be improved since the query signal 48′ maytake less time to transmit.

Referring now to FIGS. 3 a-b, a simplified, exemplary process flowchart300 depicting one or more embodiments for authorizing a remotetransceiver 14 in connection with the passive activation system 10 isshown. As seen therein, the authorization session may begin when thepassive activation system 10 (e.g., via controller 20) detects certainbehaviors or actions towards the vehicle by a person, operator or user(310). For example, the physical touching of an access handle 26 (e.g.,door, trunk, liftgate, liftgate window, etc.) may prompt the passiveactivation system 10 to authorize a remote transceiver 14 for passiveentry. Likewise, the pressing of the pushbutton ignition switch 30 maytrigger an authorization attempt for passive engine starting. Thepassive activation system 10 may continuously monitor for triggeringactivity. Moreover, the system 10 may only monitor for some triggeringactivity, rather than all triggering activity, depending on certainvehicle operating conditions at the time. Under some vehicle operatingconditions, the passive activation system 10 may not be active at all.If action is detected that prompts an authorization session to occur,the query phase 38 may be initiated. Accordingly, the system may firstdetermine the query protocol for carrying out the initial query phase(312). The query protocol may be based upon the particular user actionthat prompted the authorization session. For instance, if an attempt togain entry is detected, the system 10 may first identify the accesspoint, then apply the query protocol best suited to carry out the queryphase 38. To this end, the query protocol may include instructionstelling the system which antennas 34 to use, what signals to transmit,what data to include in those signals, as well as identify the boundary36 of the relevant authorization zone 32.

Once the query protocol is determined, the system 10 may query for thepresence of one or more remote transceivers 14 within the authorizationzone 32 (314). This may include, for instance, transmitting a querysignal 48 from one or more query antennas. Accordingly, in one example,the query signal 48 may include three sequential signal bursts 50 fromthree different antennas strategically located on the vehicle 12. Thesignal bursts 50 may be transmitted in discrete time steps so that thesignal amplitude of each may be sampled by any remote transceivers 14within the transmission range. Data within the signal bursts 50 mayinclude messages requesting a reply signal 56 from each remotetransceiver 14 in response to the query signal 48. The reply signal 56may contain RSSI data corresponding to the sampled signal amplitudes foreach query antenna signal burst 50. Accordingly, the passive activationsystem 10 may determine whether any reply signals 56 have been receivedfrom the remote transceivers 14 (316). If no responses are received, thequerying step may be retried a predetermined number of times. If noresponse is received from a remote transceiver 14 after the retries havebeen exhausted, the system 10 may conclude that the authorization hasfailed and end the authorization session (318). If, on the other hand, areply signal 56 from at least one remote transceiver 14 is received, theauthorization session may continue. Next, the system 10 may determinewhether any of the responding remote transceivers 14 were previouslyexcluded during another portion of the authorization session (320).Therefore, this step may not be relevant during the initial query phaseas no remote transceivers have been characterized as excluded yet.

Each reply signal 56 received from the responding remote transceivers 14may then be evaluated to determine whether the position (location) ofthe corresponding remote transceiver is included in the authorizationzone 32, excluded from the authorization zone 32, or indeterminate(322). In doing so, the system 10 may evaluate the RSSI data collectedfrom each remote transceiver 14. As previously described, an RSSI valuefor each remote transceiver 14 may be based upon the RSSI data collectedfrom just one of the query antennas (e.g., a predetermined challengeantenna) or may be based upon the summation of RSSI data collected fromall of the query antennas. Once the reply signals 56 from the remotetransceivers 14 have been evaluated, the remote transceivers 14 may besorted in accordance with the challenge hierarchy to minimize latency(324). The challenge hierarchy may determine the order in which theremote transceivers 14 are challenged during the challenge phase 40 ofthe authorization session. The challenge order may be based primarilyupon the classification of the remote transceivers 14 as eitherincluded, excluded or indeterminate. Further, the challenge order may bebased secondarily upon the RSSI value obtained for each respondingremote transceiver. To this end, included remote transceivers with ahigher RSSI value may have priority over included remote transceiverswith a lower RSSI value. In turn, included remote transceivers with alower RSSI value may have priority over indeterminate remotetransceivers. Indeterminate remote transceivers with a higher RSSI valuemay have priority over indeterminate remote transceivers with a lowerRSSI value. Finally, indeterminate remote transceivers with a lower RSSIvalue may have priority over excluded remote transceivers. Referringbriefly back to step 320, previously excluded remote transceivers do notneed to be evaluated again by their RSSI data as they may be treated asexcluded for the remainder of the session. Thus, step 322 may be skippedfor the previously excluded remote transceivers.

Once the remote transceivers 14 have been prioritized based on theirquery responses, the challenge phase 40 may begin. The first step of thechallenge phase may be to determine whether the location of the remotetransceiver 14 presently given the highest priority is classified asincluded (326). If the remote transceiver 14 is included, then thechallenge protocol for challenging the remote transceiver may bedetermined (328). The challenge protocol may dictate, for example, whichantenna is the challenge antenna. Once the challenge antenna isdetermined, the remote transceiver 14 having the highest priority may bechallenged (330). Specifically, the challenge antenna may transmit anencrypted challenge signal 58 to the remote transceiver 14 having thehighest challenge priority. The challenge antenna may then await aresponse from the remote transceiver (332). If the challenged remotetransceiver 14 receives the encrypted challenge signal 58 from thechallenge antenna, the challenged remote may send an encrypted responsesignal 68 back to the control unit 16 to confirm its securitycredentials. If no responses are received, the remote transceiverchallenge may be retried a predetermined number of times until aresponse is received.

If an encrypted response signal 68 is received from the remotetransceiver 14, then the system 10 may attempt to validate the responsesignal (334). The encrypted response signal 68 may be validated if theencryption matches the encryption of the challenge signal 58. Based onthe exchange between the challenge antenna and the remote transceiver,the system 10 can determine whether the remote transceiver is authorized(336). If the challenged remote transceiver 14 is authorized, the system10 may determine whether to conduct a post-challenge evaluation of theresponse signal 68 (338). In doing so, the system 10 may determine if ithas been flagged to perform the post-challenge evaluation earlier in theprocess. The post-challenge evaluation process will be described ingreater detail to follow. Assuming a post-challenge evaluation flag hasnot been set, the system 10 may conclude that authorization of theremote transceiver 14 was successful and the passive function may becarried out (340).

Returning to step 336, if it is determined that the remote transceiver14 is not authorized because its response cannot be validated, thesystem 10 may classify, label or otherwise flag the challenged remotetransceiver as excluded (342). Accordingly, the remote transceiver 14may be treated as excluded for the remainder of the authorizationsession. Thereafter, the system 10 may determine whether there are moreremote transceivers 14 to challenge (344). If multiple remotetransceivers 14 responded during the query phase 38, additional remotetransceivers may remain available for challenge purposes. If no remotetransceivers remain to be challenged, the system 10 may conclude thatthe authorization has failed and end the authorization session (318).However, if additional remote transceivers 14 remain to be challenged,the process may return to step 324 where the remaining remotetransceivers may be re-prioritized. Namely, the remote transceiver 14flagged as excluded at step 342 due to an unsuccessful challenge may beshuffled to the bottom of the challenge order so that the remotetransceiver with the next highest priority may be challenged.

Returning to step 332, if no response is received and the predeterminedretry count has been exhausted, the system may determine whether thereare more remote transceivers 14 to challenge (344). If so, the processmay also return to step 324 where the remaining remote transceivers maybe re-prioritized. Thereafter, the process may then return to step 326where it can be determined whether the position of the new highestpriority remote transceiver 14 is included. If the remote transceiver 14is included, it may be challenged in the manner previously describedbeginning at step 328. If, however, there are no remaining remotetransceivers 14 whose position is included in the authorization zone,the system 10 may then determine whether the location of the highestpriority remote transceiver 14 remaining to be challenged isindeterminate (346). If the answer is no, then it may be assumed thatthe remaining remote transceivers 14 have been classified as excluded.Accordingly, the system 10 may conclude that the authorization hasfailed and end the authorization session (318). However, if the highestpriority remote transceiver 14 is indeterminate, further evaluation maytake place to definitively resolve its location.

Upon further evaluating an indeterminate remote transceiver, the system10 may first determine whether certain conditions exist that call for apost-challenge evaluation to be performed on the remote transceiver(348). Accordingly, such conditions may be referred to as post-challengeevaluation conditions. Satisfaction of the post-challenge evaluationconditions may signify that virtually all steps to authorize a remotetransceiver have been exhausted and that one final analysis may beperformed at the conclusion of the challenge phase 40. Assuming that thepost-challenge conditions have not been met, the aforementioned sub-zoneprocessing may commence. As previously described, the sub-zoneprocessing may include querying indeterminate remote transceivers usingone or more sub-authorization zones (“sub-zones”) 70 specified by thepassive activation system 10. Re-querying against additional sub-zonecriteria may help to resolve an indeterminate position. Sub-zoneprocessing may involve one or more additional and/or different antennas34 to acquire more strategic location information for indeterminateremote transceivers. To this end, a sub-zone query protocol may bedetermined that identifies this new antenna configuration for querying asub-zone 70 (350). The sub-zone antenna configuration may include atleast one additional antenna different from the initial query antennas.As there may be a finite number of sub-zones 70 to query, the system 10may determine if all sub-zones have been queried (352). If all sub-zones70 have been exhausted, the system 10 may conclude that theauthorization has failed and end the authorization session (318).However, if an additional sub-zone 70 remains, the process may return tostep 314 in which the sub-zone 70 may be queried in accordance with thesub-zone query protocol. Like the initial query phase, a sub-zone querysignal may be transmitted from the sub-zone antenna configuration.Additional, and perhaps more conclusive, location information may beobtained in reply signals transmitted from the remote transceivers 14 inresponse to the sub-zone query signal.

Returning to step 348, if it is determined that the post-challengeevaluation conditions are satisfied, the system 10 may proceed withchallenging the indeterminate remote transceiver rather than re-queryingusing sub-zone criteria. A post-challenge evaluation may utilize RSSIdata returned from a challenged remote transceiver 14 in the encryptedresponse signal 68 to resolve the indeterminate position of the remotetransceiver. Because the post-challenge evaluation may eliminate theneed to conduct an additional query phase using sub-zone criteria,latency may be reduced for this final attempt at authorization. Aspreviously mentioned, the post-evaluation conditions tend to signifythat all other attempts to authorize a remote transceiver have beenexhausted. For instance, one condition may be that only one remotetransceiver remains to be challenged. Further, another condition may bethat there are no more authorization zones 32 or sub-zones 70 to queryfor the current authorization session. Since a post-challenge evaluationmay utilize RSSI data returned from the indeterminate remote transceiverin its encrypted challenge response, additional post-challengeevaluation conditions may be that the current query/challenge sub-zoneprotocol specify that only one additional antenna 34 is required for thecurrent sub-zone and that the required additional antenna is the same asthe specified challenge antenna. In this instance, the challenge antennamay be explicitly specified in both the sub-zone query and challengeprotocols.

In the event that all of the post-challenge evaluation conditions aresatisfied, the indeterminate remote transceiver 14 may be flagged forpost-challenge evaluation (354) and then proceed to the challenge phasebeginning at step 328. If a valid encrypted challenge response signal 68was received from the indeterminate remote, the system 10 may again lookfor the post-challenge evaluation flag to be present, as provided atstep 338. If the post-challenge evaluation flag is present, as it is inthis instance, RSSI data obtained in the challenge response signal 68may be evaluated to resolve the indeterminate position of the remotetransceiver 14 (356).

Next, the system 10 may determine whether the new RSSI data issufficient to indicate that the remote transceiver 14 is in an includedposition (358). If the RSSI data fails to indicate an included position,the system 10 may conclude that the authorization has failed and end theauthorization session (318). However, if the RSSI data does indicatethat the remote transceiver 14 is located in an included position, thesystem 10 may conclude that remote transceiver is successfullyauthorized and the passive function may be carried out (340).

As described above, authorization management for a multi-remotetransceiver scenario can be complex under normal operating conditions.However, the authorization management and protocol in a multi-remotescenario involving unexpected behavior and/or system failures may beequally, if not more, complex in nature. Moreover, as system latency isa priority, managing authorization failures may be equally important.Since a passive activation system is a two-way, radio basedcommunication system, there are situations and opportunities wherecommunications can be corrupted. This may lead to degraded performanceor loss of functionality of the passive activation system as perceivedby the user or operator. To contend with these conditions, amulti-state, conditional retry strategy and methodology may be employed,as depicted in FIG. 4 a-b. The retry strategy may have two primarypriorities: a) keep the performance latency as minimal as possible; andb) insure fail-safe operation of the passive activation system 10 duringpoor operating conditions. The retry method may be divided into severalsub-functions. For example, the retry method may include a query phaseretry strategy 72, a challenge phase retry strategy 74, and anauthorization session retry strategy 76.

Query Phase Retry Strategy

As previously described, the passive activation system 10 may beactivated upon, for example, an attempt by an operator to gain entry tothe vehicle 12 by physically touching an access handle 26. Upon such anevent, the passive activation system 10 must authorize a remotetransceiver 14, typically carried by a valid operator, mated to thesystem 10 using a challenge/response protocol. To wake-up and identifyremote transceivers 14 proximate the vehicle 12 for the challenge phase40, the query phase 38 may first be conducted to determine the presenceof one or more remote transceivers that may be candidates forchallenging. The execution of the query phase 38 and the challenge phase40 may constitute an authorization session.

As previously described, the passive activation system 10 may transmit afirst query signal 48 during the initial query phase. All remotetransceivers 14 within range may receive the first query signal 48 andtransmit a first query reply signal 56 back to the passive activationsystem 10 in response. If the passive activation system 10 does notreceive any responses from any remote transceiver, the system may retrythe query phase 38 up to a specified number of counts. If the retrycounts are exhausted before any responses are received, then failedoperation of the passive activation system 10 may be assumed. On theother hand, if at least one response is received from a remotetransceiver, the passive activation system 10 may assume this is theonly remote transceiver present and no further retries may be executedto query for additional remote transceivers 14. In this event, normaloperation may be assumed and the challenge phase 40 may commence.However, if an unrecoverable failure is detected, the authorizationsession may stop immediately.

Furthermore, for passive related functions that may be executed for thepurpose of search, location or other similarly related functions, wherethe priority is to locate all possible remote transceivers 14, the queryphase 38 may be unconditionally retried up to a specified number ofcounts for the purpose of intrinsic redundancy. In this case, theredundant query phases may assure that all remote transceivers havemultiple opportunities to respond in the unforeseen event ofdisturbances in communication during one or more query phases or remotetransceiver responses.

Challenge Phase Retry Strategy

During the challenge phase 40, each remote transceiver 14 that isincluded in the authorization zone 32 to be challenged may be assignedits own retry counter. The retry counters for all remote transceivers 14may be initialized to the same specified number of counts. The retrycounter for each remote transceiver 14 may be decremented as each remotetransceiver retries the challenge phase 40. Once a remote transceiver'sretry counter reaches zero, that remote transceiver may no longer bechallenged and may then be reclassified as excluded for the remainder ofthe authorization session. The remote transceivers 14 may then bere-prioritized according to the challenge hierarchy, in which case thesecond highest priority remote transceiver now becomes the first highestpriority remote transceiver and so on. When the last included remotetransceiver is reached, the system 10 may wrap back around to the firsthighest priority included remote and continue the retries as necessaryuntil a remote transceiver is authorized. When all retries havecompletely been exhausted on every included remote transceiver, thesystem 10 may then move into processing and management of anyindeterminate remote transceivers, as previously described herein.

The conditions that govern the retry order, in the case where multipleremote transceivers 14 are present, may depend upon the type of failureprompting a retry. As previously stated, the highest priority includedremote transceiver may always be challenged first. When this unit failsthe challenge phase 40, there can be several reasons why the challengefailed. According to one or more embodiments of the present application,the failure type may determine the next remote transceiver to retry.

A first failure type may be referred to as a simple failure. Simplefailures may include failures due to a cyclic redundancy check (CRC),relay attacks, and the like. Therefore, a simple failure may be detectedwhen a data error occurs or a spoofed signal is detected. If the failureis a simple failure, the same remote transceiver may be retried. This isbecause the system may know that the remote transceiver is present andwas previously established to be the best candidate for the challengephase. Therefore, incessant retries on the same remote transceiver mayoccur for simple failures until the unit's retry counter reaches zero.

A second failure type may be referred to as a complex failure. Complexfailures may include instances in which no response is received from achallenged remote transceiver. If the failure is a complex failure, theretry may occur on the next highest priority included remote transceiverin the authorization zone. This is because the system may assume thecurrent remote transceiver is no longer within communication range orthe UHF channel on which the remote transceiver transmits is beingjammed. Therefore, a successive retry on the next highest priorityremote transceiver may immediately occur for complex failures.

A third failure type may be referred to as an explicit failure. Explicitfailures may correspond to instances in which a response is received,but the system cannot validate the remote transceiver's securitycredentials. Thus, the remote transceiver may be deemed unauthorized. Ifthe failure is an explicit failure, such as the remote transceiver beingunauthorized, the remote transceiver may be immediately de-prioritizedas excluded for the remainder of the authorization session. Theremaining remote transceivers may then be re-prioritized and the retrymay occur on the next highest priority included remote transceiver inthe authorization zone.

A fourth failure type may be referred to as an unrecoverable failure.Unrecoverable failures may include hardware or system failures. If thefailure is an unrecoverable failure, the authorization session may beimmediately interrupted and no retries of any kind may occur.

Authorization Session Retry Strategy

If the authorization session has failed after completely exhausting allretries and possibilities for success absent an unrecoverable failure,an authorization session retry may implemented that can automaticallyre-trigger the authorization zone for a specified number of counts. Inthis regard, the query and challenge retry counters may be reset and thequery process reinstituted. This third retry may be the last and finalattempt at failsafe operation of the passive activation system 10. Theauthorization session retry may occur until a remote transceiver 14 isauthorized or until the retry counts have been exhausted.

Referring now to FIG. 4 a-b, a simplified, exemplary process flowchart400 depicting the retry methodology for managing authorization failuresin connection with the passive activation system 10 according to one ormore embodiments of the present application is shown. Prior tocommencement of the query phase retry strategy 72, an authorizationsession retry counter for the passive activation system 10 may beinitialized for a predetermined number of authorization retry counts(410). Next, a query retry counter may be initialized for apredetermined number of query retry counts prior to the initial queryprocess (412). Then, the query process described above may occur inwhich a query signal 48 may be transmitted from a plurality of queryantennas 34 to detect for the presence of one or more remotetransceivers 14 proximate the vehicle 12 (414). Prior to checking forany responses to the query signal, the system 10 may determine whetheran unrecoverable failure has occurred (416). As previously mentioned,upon detection of an unrecoverable failure, such as a hardware or systemfailure, the authorization session may be immediately terminated (418).

However, assuming no unrecoverable failures have been detected, thesystem 10 may determine whether any reply signals 56 have been receivedfrom the remote transceivers 14 in response to the query signal 48(420). If a reply signal 56 has not been received from any remotetransceiver 14, a complex failure may be detected and the query processmay be retried. To this end, the system 10 may determine whether thequery retry counter has been depleted (422). If the query retry counterhas reached zero without receiving any remote transceiver responses, thesystem 10 may determine that no valid remote transceivers are presentand prevent the passive related function, such as passive entry orpassive start, from occurring (418). If, however, additional retriesremain, the query retry counter may be decremented (424) and the queryprocess retried (414).

For passive related functions that may be executed for the purpose ofsearch, location or other similarly related functions, where thepriority is to locate all possible remote transceivers 14, the queryphase 38 may be unconditionally retried up to a specified number ofcounts for the purpose of intrinsic redundancy, as previously mentioned.In this case, the redundant query phases may assure that all remotetransceivers have multiple opportunities to respond in the unforeseenevent of disturbances in communication during one or more query phasesor remote transceiver responses. Accordingly, the query process at step414 may reoccur up to the specified number of counts regardless ofwhether a reply signal 56 has been received. In this instance, athorough search may take precedence over latency concerns.

Returning to step 420, if a reply signal 56 is received from at leastone remote transceiver 14, the challenge phase 40 may commence and thechallenge phase retry strategy 74 may be employed. At the outset, achallenge phase retry counter for each of the remote transceivers 14responsive during the query phase 38 may be initialized for apredetermined number of challenge retry counts (426). Then, as describedherein, the challenge process may begin in which an encrypted challengesignal 58 is sent from a challenge antenna to the remote transceiver 14at the top of the challenge order, in accordance with the challengehierarchy, in an attempt to valid the remote transceiver's securitycredentials (428). Again, the system 10 may detect for unrecoverablefailures, such as a hardware or system failure, during the challengephase 40 (430). Assuming no unrecoverable failures have been detectedthat would terminate the authorization session, the system 10 maydetermine whether a response signal 68 has been received from the remotetransceiver presently being challenged (432).

If a response from the challenge remote transceiver has not beenreceived, a complex failure may be detected and the system 10 may decideto challenge the next highest priority remote transceiver according tothe challenge order. In this regard, the next highest priority remotetransceiver may become the current remote transceiver for challengepurposes (434). The system 10 may then determine whether challenge phaseretry counter for the current remote transceiver to be challenged isdepleted (436). If challenge retry counts remain for the current remotetransceiver 14, the corresponding challenge phase retry counter may bedecremented (438) and the challenge process retried (428). On the otherhand, if no retries remain for the current remote transceiver 14, theremote transceiver may be re-classified as excluded for the remainder ofthe authorization session (440). Correspondingly, the remaining remotetransceivers may be re-prioritized according to the challenge hierarchyand a new challenge order determined (442). The system 10 may thendetermine whether any remote transceivers 14 remain that are candidatesfor the challenge process (444). Assuming there remains additionalremote transceivers to challenge, the process may return to step 434 inwhich the next remote transceiver according to the challenge order maybe selected for challenge purposes.

Returning briefly to step 432, if it is determined that a responsesignal 68 has been received from the challenged remote transceiver 14,the system 10 may next determine whether a data error has occurred orwhether the response signal has been spoofed (446). If so, a simplefailure may be detected, such as a CRC or relay attack, that may inhibitauthorization of the remote transceiver 14 currently being challenged.If a simple failure does exist, the system 10 may simply re-challengethe same remote transceiver 14. Accordingly, the method may proceed tostep 436 in which the system 10 checks whether additional challengeretry counts for the current remote transceiver remain. If, however, nosimple failures are detected, the system 10 may next determine whetherthe authorization has failed due to an explicit failure (448). Aspreviously described, an explicit failure may occur when the securitycredentials transmitted in the response signal 68 from the challengedremote transceiver 14 cannot be validated by the passive activationsystem 10. If an explicit failure is not detected, the remotetransceiver 14 may be authorized and the passive vehicle function may becarried out (450). For passive related functions that may be executedfor the purpose of search, location or other similarly relatedfunctions, where the priority is to locate all possible remotetransceivers 14, the challenge phase may be executed for each remotetransceiver 14 responsive during the query phase, even if one hasalready been validated. However, if the response signal 68 cannot bevalidated and an explicit failure is detected, the method may proceed tostep 440 in which the challenged remote transceiver is de-prioritized asexcluded for the remainder of the authorization session.

Returning to step 444, if the current authorization session has failedafter completely exhausting all retries for all remote transceiversdetected, and no remote transceivers 14 remain to be challenged, theentire authorization session may be retried. Accordingly, the system 10may first determine whether any authorization retry counts remain in theauthorization session retry counter (452). If authorization retry countsremain, the system 10 may decrement the authorization session retrycounter (454) and the method can return to step 412 in which theauthorization zone is re-queried. If, however, no authorization retrycounts remain, the system 10 may conclude that the authorization attemptwas unsuccessful as unauthorized and finally terminate the authorizationprocess (456).

It should be noted that the method of FIGS. 3 a-b and 4 a-b as describedherein is exemplary only, and that the functions or steps of the methodcould be undertaken other than in the order described and/orsimultaneously as may be desired, permitted and/or possible.

While various embodiments have been illustrated and described, it is notintended that these embodiments illustrate and describe all possibleforms of the invention. Rather, the words used in the specification arewords of description rather than limitation, and it is understood thatvarious changes may be made without departing from the spirit and scopeof the invention.

1. A method for authorizing a passive vehicle function, the methodcomprising: transmitting a first query signal for receipt by a pluralityof remote transceivers proximate a vehicle; receiving a first replysignal from each of the plurality of remote transceivers receiving thefirst query signal; determining a challenge order for authenticating anyone of the plurality of remote transceivers based upon each first replysignal; and transmitting a challenge signal to a selected remotetransceiver of the plurality of remote transceivers based upon thechallenge order, the challenge signal prompting a challenge reply signalfor the selected remote transceiver.
 2. The method of claim 1, whereinthe first query signal comprises a plurality of sequential signalbursts, each sequential signal burst transmitted from one of a pluralityof antennas located on the vehicle.
 3. The method of claim 2, whereinthe plurality of antennas transmitting the first query signal generatean authorization zone having boundaries defined using signal strengthcriteria for each of the plurality of antennas.
 4. The method of claim3, wherein the first reply signal includes signal strength data sampledfor each signal burst transmitted from the plurality of antennas.
 5. Themethod of claim 4, further comprising: determining whether the locationof each remote transceiver is in the authorization zone, out of theauthorization zone, or indeterminate based upon the signal strengthdata.
 6. The method of claim 5, wherein the challenge order is based atleast in part upon the determined location for each remote transceiver.7. The method of claim 6, wherein the challenge order amongst remotetransceivers determined to be within the authorization zone is furtherbased upon the signal strength data.
 8. The method of claim 6, furthercomprising: transmitting a second query signal for receipt by at leastone remote transceiver having an indeterminate location upon adetermination that no remote transceivers within the authorization zonehave been authenticated, wherein the second query signal is at leastpartially transmitted from at least one additional antenna differentfrom the plurality of antennas; receiving a second reply signal from theat least one remote transceiver in response to the second query signal;and determining a new challenge order for authenticating the at leastone remote transceiver based upon the second reply signal.
 9. The methodof claim 6, further comprising: receiving a valid challenge reply signalfrom the selected remote transceiver authenticating the selected remotetransceiver; evaluating the signal strength of the valid challenge replysignal if the location of the authenticated remote transceiver isindeterminate; and authorizing the authenticated remote transceiver upona determination that the signal strength of the valid challenge replysignal indicates that the authenticated remote transceiver is within theauthorization zone.
 10. A passive activation system for a vehicle, thesystem comprising: a plurality of antennas arranged at various locationsthroughout the vehicle, the plurality of antennas configured to:transmit a first query signal for receipt by one or more remotetransceivers located proximate the vehicle, and receive a first replysignal transmitted from each of the remote transceivers in response tothe first query signal, the first reply signal including signal strengthdata sampled by the remote transceiver for each of the plurality ofantennas; and a controller on board the vehicle and in communicationwith the plurality of antennas, the controller configured to: determinea challenge order for authenticating any one of the remote transceiversbased upon the signal strength data transmitted in each first replysignal, and instruct a challenge antenna to transmit a challenge signalto one of the remote transceivers based upon the challenge order. 11.The system of claim 10, wherein the first query signal comprises aplurality of sequential signal bursts, each sequential signal bursttransmitted from one of the plurality of antennas.
 12. The system ofclaim 10, wherein the signal strength data in each first reply signalindicates whether the location of the corresponding remote transceiveris included within an authorization zone, excluded from theauthorization zone, or indeterminate.
 13. The system of claim 12,wherein boundaries of the authorization zone are defined using signalstrength criteria for each of the plurality of antennas.
 14. The systemof claim 13, wherein remote transceivers located within theauthorization zone are challenged before remote transceivers having anindeterminate location.
 15. The system of claim 14, wherein remotetransceivers having stronger signal strength data are challenged beforeremote transceivers having weaker signal strength data.
 16. The systemof claim 12, further comprising at least one additional antennadifferent than the plurality of antennas, the at least one additionalantenna configured to: at least partially transmit a second query signalfor receipt by at least one remote transceiver having an indeterminatelocation, and receive a second reply signal from the at least one remotetransceiver in response to the second query signal, the second replysignal including signal strength data sampled by the at least one remotetransceiver for each of the plurality of antennas, wherein the signalstrength data in each second reply signal indicates whether the locationof the corresponding remote transceiver is included within anauthorization sub-zone, excluded from the authorization sub-zone, orstill indeterminate.
 17. The system of claim 16, wherein the controlleris further configured to determine a new challenge order forauthenticating the at least one remote transceiver based upon the secondreply signal.
 18. The system of claim 12, wherein the challenge antennais further configured to receive a valid challenge reply signal from oneof the remote transceivers to obtain an authenticated remotetransceiver; and wherein the controller is further configured to:evaluate the signal strength of the valid challenge reply signal if thelocation of the authenticated remote transceiver is indeterminate, andauthorize the authenticated remote transceiver upon a determination thatthe signal strength of the valid challenge reply signal indicates thatthe authenticated remote transceiver is within the authorization zone.19. A method for authorizing a passive vehicle function, the methodcomprising: querying for the presence of a remote transceiver within anauthorization zone using a number of antennas positioned throughout avehicle that each transmit a signal burst; receiving a response from atleast two remote transceivers proximate the vehicle, each responseincluding an RSSI value for each signal burst; determining a locationfor each remote transceiver with respect to the authorization zone basedon the RSSI value; classifying each remote transceiver as eitherincluded in the authorization zone, excluded from the authorizationzone, or indeterminate based on the determined location; determining aprimary challenge order for challenging each remote transceiverindividually based upon the classification; determining a secondarychallenge order for challenging remote transceivers included in the sameclass based upon the RSSI value; determining an overall challenge orderbased upon the primary challenge order and the secondary challengeorder; and sequentially challenging the at least two remote transceiversby transmitting an encrypted challenge signal from a challenge antennato each remote transceiver in accordance with the overall challengeorder until a valid challenge response signal is received with matchingencryption from one of the at least two remote transceivers.
 20. Themethod of claim 19, further comprising: querying for the presence of anindeterminate remote transceiver within a sub-zone using at least oneadditional antenna upon a determination that no remote transceiverswithin the authorization zone have been authenticated; receiving asecond response from the at least two remote transceivers; anddetermining a new challenge order for challenging the at least tworemote transceivers based at least in part upon the second response.